<?php

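// Flags consumed by interface/globals.php.
// NOTE(review): in OpenEMR, $sanitize_all_escapes = true presumably means globals.php
// will not add slashes to request data, so this script must do its own SQL escaping
// or binding. Confirm against the globals.php shipped in this tree.
$sanitize_all_escapes = true;
$fake_register_globals = false;

// The 'medico' request parameter selects the non-portal code path. It is supplied by
// the client, so it must never stand in for authentication: it only decides WHICH
// authentication applies.
$is_staff_request = isset($_REQUEST['medico']);

if (!$is_staff_request) {
    // Patient-portal path: continue the portal session.
    session_start();
}

// Where to send the browser when the portal session is missing or invalid.
// $_SESSION does not exist on the staff path (no session started yet), so guard the read.
$landingpage = "index.php?site=" . (isset($_SESSION['site_id']) ? $_SESSION['site_id'] : '');

if (!$is_staff_request) {
    if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite'])) {
        $pid = $_SESSION['pid'];
    } else {
        // Not an authenticated portal patient: drop the session and bounce to the landing page.
        session_destroy();
        header('Location: ' . $landingpage . '&w');
        exit;
    }
}

// Skip the standard staff login ONLY for a request that has just passed the portal
// session check above. Previously $ignoreAuth was set unconditionally, so a request
// carrying 'medico' skipped both the portal check and the staff login.
// NOTE(review): relies on globals.php enforcing the regular user login when
// $ignoreAuth is false. Confirm, and confirm the staff UI calls this with its session cookie.
$ignoreAuth = !$is_staff_request;
require_once('../interface/globals.php');
include_once("$srcdir/sql.inc");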

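// Search term typed into the diagnosis lookup. It is client-controlled request data,
// so it reaches the database only as a bound parameter, never as part of the SQL text.
// A missing or non-string 'q' is treated as an empty term.
$search = (isset($_REQUEST['q']) && is_string($_REQUEST['q'])) ? $_REQUEST['q'] : '';

// The surrounding '%' wildcards are part of the bound value. '%' and '_' inside the
// term itself still act as LIKE wildcards, as they did before.
$query = "SELECT short_desc, dx_id, dx_code FROM icd10_dx_order_code "
    . "WHERE short_desc LIKE ? AND active = '1' ORDER BY short_desc ASC";
$data = query_paciente($query, array('%' . $search . '%'));

$result = "";

if (is_array($data)) {
    foreach ($data as $valor) {
        // One line per match: "<dx_code> - <short_desc>|<dx_id>", each field HTML-encoded.
        $result .= htmlentities($valor["dx_code"]) . " - " . htmlentities($valor["short_desc"])
            . "|" . htmlentities($valor["dx_id"]) . "\n";
    }
}
// NOTE(review): this replacement looks like a leftover from a JSON-style response; the
// lines built above never end in ",]". Kept so the emitted bytes stay unchanged.
echo str_replace(",]", "]", $result);

/**
 * Run a query through sqlStatement() and collect every row into a 0-indexed array.
 *
 * Anything printed while the query runs is captured by an output buffer and discarded,
 * so it cannot leak into the line-oriented response.
 *
 * @param string $query SQL text; use '?' placeholders for any request-derived value.
 * @param array  $binds Values for the placeholders, in order. Optional, so existing
 *                      single-argument calls keep working.
 *                      NOTE(review): assumes sqlStatement() accepts a bind array as its
 *                      second argument, as OpenEMR's sql.inc helper does. Confirm for this tree.
 * @return array Rows as returned by sqlFetchArray(); empty when nothing matched or the
 *               statement returned a falsy result.
 */
function query_paciente($query, $binds = array()) {
    // Always return an array; previously $all was undefined when no row was fetched.
    $all = array();

    ob_start();
    // Keep the original one-argument call when there is nothing to bind.
    $res = empty($binds) ? sqlStatement($query) : sqlStatement($query, $binds);
    if ($res) {
        while ($row = sqlFetchArray($res)) {
            $all[] = $row;
        }
    }
    // Discard whatever was printed during the query.
    ob_end_clean();

    return $all;
}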

?>